Security News

The initial apps in Google Play were safe, but the creators found a way around the Play Store's protections to install malware on Android users' devices. A November report from ThreatFabric revealed that more than 300,000 Android users unknowingly downloaded malware with banking trojan capabilities, and that it bypassed the Google Play Store restrictions.

The BRATA Android remote access trojan has been spotted in Italy, with threat actors calling victims of SMS attacks to steal their online banking credentials. The Italian campaign was first spotted in June 2021, delivering multiple Android apps through SMS phishing, otherwise known as smishing.

Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices. While Google earlier this month instituted limitations to restrict the use of accessibility permissions that allow malicious apps to capture sensitive information from Android devices, operators of such apps are increasingly refining their tactics by other means even when forced to choose the more traditional way of installing apps through the app marketplace.

Malware campaigns distributing Android trojans that steals online bank credentials have infected almost 300,000 devices through malicious apps pushed via Google's Play Store. The Android banking trojans delivered onto compromised devices attempt to steal users' credentials when they log in to an online banking or cryptocurrency apps.

Overcoming Google Play app restrictions, attackers have successfully racked up more than 300,000 banking trojan installations over just the past four months in the official Android app marketplace. Researchers from Threat Fabric reported that these threat groups have honed their ability to use Google Play to propagate banking trojans by shrinking the footprint of their dropper apps, eliminating the number of permissions they ask for, boosting the overall quality of the attack with better code and standing up convincing companion websites.

The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions. RAT capabilities-BrazKing can manipulate the target banking application by tapping buttons or keying text in.

Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on the devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S. Dubbed "SharkBot" by Cleafy, the malware is designed to strike a total of 27 targets - counting 22 unnamed international banks in Italy and the U.K. as well as five cryptocurrency apps in the U.S. - at least since late October 2021 and is believed to be in its early stages of development, with no overlaps found to that of any known families. "The main goal of SharkBot is to initiate money transfers from the compromised devices via Automatic Transfer Systems technique bypassing multi-factor authentication mechanisms," the researchers said in a report.

Banking malware threats are sharply increasing as cybercriminals target the rising popularity of mobile banking on smartphones, with plots aimed at stealing personal banking credentials and credit card information, a Nokia report reveals. The report, based on data aggregated from network traffic monitored on more than 200 million devices globally, showed an 80%, year-on-year increase in the first half of the year in the number of new banking trojans, which also try to steal SMS messages containing one-time passwords.

A stealthier batch file with at least two layers of obfuscation;. ZIP file, the aforementioned stealthy batch file executes.

A new version of a banking trojan known as Mekotio is being deployed in the wild, with malware analysts reporting that it's using a new, stealthier infection flow. The last notable activity of Mekotio dates back to the summer of 2020 when the trojan's operators deployed it in a campaign targeting Latin American countries.